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DETAILED ACTION 

1 . Claims 1-3, 5-17, 19-30, and 32-45 remain for examination. The correspondence 
filed 10/2/07 amended claims 1,15, 29, and 42. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/2/07 
has been entered. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-45 have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Any statements of Official Notice made in the previous Office Action that were 
not traversed by the Applicant in the amendment of 10/2/07 have now been taken as 
admissions of prior art, as permitted by MPEP 2144.03(C) 
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6. Claims 1-3, 5-13, 15-17, 19-27, 29, 30, 32-40, 44, and 45 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Boebert (U.S. Patent 5,822,435), and further 
in view of "Tom's Hardware Guide: Nuts and Bolts of Notebooks" (hereinafter, "10™"). 

Regarding claims 1,15, and 29: 

Boebert discloses a method, computer-readable medium, and trusted user 
interface engine comprising: accepting user input from a trusted user input device (col. 
5, lines 44-51); determining whether said secured execution environment is in a 
standard input mode (col. 5, lines 15-30); and directing the flow of user input based on 
the input mode of the secured execution environment including if said secured 
execution environment is in a standard input mode, transferring at least a portion of said 
user input to said second execution environment (col. 6, lines 40-60); determining 
whether said user input comprises a user NIM indication that said secured execution 
environment should be in a nexus input mode (col. 6, lines 1-10); and if said user input 
comprises said user NIM indication and said secured execution environment is not in 
said nexus input mode, switching said secured execution environment to said nexus 
input mode (col. 5, 27-32). 

Although Boebert discloses multiple alternatives for the user NIM indication to be 
the way that one transitions from standard input mode to nexus input mode (col. 6, lines 
1-10), note that these are separate embodiments, and thus instances of the Boebert 
invention exists wherein exactly one of those means is the only way to initiate the 
transition. However, Boebert does not explicitly disclose wherein there are at least two 
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ways to transition from secured mode to standard mode. It is now taken as Applicant 
admitted prior art that in prior art systems teaching a secure mode of operation, one can 
transition out of secure mode either by an explicit logout command, or by simply 
remaining idle for a set period of time (pursuant to MPEP 2144.03 see the "sshd" 
reference as an example, including pages 1 and 4 as indicated). In the case where the 
secure mode is terminated by an idle timeout, one of ordinary skill in the art at the time 
the invention would have recognized that this is an asymmetric transition mode, as 
Examiner knows of no system that would log a user into a computer, or a secure mode 
of said computer, simply by remaining idle for a period of time. Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
include an idle timeout mechanism in addition to whatever manual mode of transition 
would already be present in the Boebert invention, to keep the computer secure (cf. 
Boebert, col. 3, lines 10-15). 

Although Boebert discloses a keyboard separate from the workstation, it is well 
known that notebook computers existed wherein the keyboard is encompassed within 
the computer, and furthermore at least some notebook computers were designed with 
the explicit purpose to replace desktop workstations (Tom, "Segment #3: Meganote"). 
Accordingly the claim would have been obvious because the substitution of one known 
element for another (the notebook with integrated keyboard in lieu of the separate 
workstation and keyboard devices) would have yielded predictable results to one of 
ordinary skill in the art at the time the invention was made. 



Application/Control Number: Page 5 

10/693,061 

Art Unit: 2135 

Regarding claims 2 and 16: 

Boebert further discloses decrypting said user input (col. 4, lines 25-30). 

Regarding claims 3, 17, and 30: 

Boebert further discloses if said secured execution environment is in a nexus 
input mode, determining a specific process running in said secured execution 
environment to which said user input is directed (col. 7, lines 13-27); and directing said 
user input to said specific process (Ibid). 

Regarding claims 4, 1 8, and 31 : 

Boebert further discloses determining whether said user input comprises a user 
NIM indication that said secured execution environment should be in a nexus input 
mode (col. 6, lines 1-10); and if said user input comprises said user NIM indication and 
said secured execution environment is not in said nexus input mode, switching said 
secured execution environment to said nexus input mode (col. 5, lines 27-32). 

Regarding claims 5, 19, and 32: 

Boebert further discloses where said NIM indication comprises a combination of 
keystrokes on a keyboard (col. 6, lines 1-5). 
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Regarding claims 6, 20, and 33: 

Boebert further discloses where said NIM indication comprises a programmatic 
activation of a process running in said secured execution environment (e.g. the 
electronic mail function initiating the trusted mode, col. 7, lines 50-60). 

Regarding claims 7, 21, and 34: 

Boebert further discloses selecting a graphical user interface element 
corresponding to said process (col. 6, lines 50-60). 

Regarding claims 8, 22, and 35: 

Boebert further discloses wherein said graphical user interface element is a 
shadow graphical user interface element displayed using a second process, where said 
process is running on said second execution environment, and where said shadow 
graphical user interface element corresponds to a secured graphical user interface 
element displayed by said first process (Ibid; col. 5, lines 33-43; col. 8, lines 45-50). 

Regarding claims 9, 23, and 36: 

Although Boebert discloses determining if the user input indicates switching from 
the standard user input mode to the nexus [trusted] input mode (see the rationale of 
rejection for claims 4, 18, and 31 above), Boebert does not explicitly disclose the 
reverse process. It would have been immediately obvious to one of ordinary skill in the 
art at the time the invention was made to switch from nexus to standard input modes via 



Application/Control Number: Page 7 

10/693,061 

Art Unit: 2135 

at least one of the same mechanism(s) provided for the switch from standard to nexus 
modes. One would do so because failure to provide a means to terminate the trusted 
input mode would allow subsequent users of the computer system to masquerade as 
the original authenticated user, thereby defeating the security of the disclosed system 
(see also col. 2, lines 55-65). 

Regarding claims 10, 24, and 37: 

Boebert further suggests where said user SIM indication comprises a 
combination of keystrokes on a keyboard (col. 6, lines 1-5). 

Regarding claims 11, 25, and 38: 

Boebert further suggests where said user SIM indication comprises an action 
which results in a display with no graphical user interface element which corresponds to 
a process running on said secured execution environment (VT100s being known in the 
art as having no graphical user interface, col. 6, lines 50-55). 

Regarding claims 12, 26, and 39: 

Boebert further discloses where if said secured execution environment is in a 
standard input mode, and a second portion of said user input corresponds to changes to 
a graphical user interface element displayed by a process running on said secured 
execution environment, said changes to said graphical user interface element are 
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performed within said secured execution environment (X-Windows, col. 6, lines 50-60; 
see also col. 7, lines 30-39). 

Regarding claims 13, 27, and 40: 

Boebert further discloses where said changes to a graphical user interface 
element displayed by a process running on said execution environment comprise the 
movement of a mouse cursor over a graphical user interface element displayed by a 
process running on said secured execution environment (inherent to X-Windows, see 
col. 6, lines 50-60). 

Regarding claim 44: 

Boebert discloses a computer readable medium comprising: maintaining a 
current state for said secured execution environment selected from among a group of 
possible states comprising: a standard input mode and a nexus input mode state 
(elements 37 and 38 of Figures 3 and 4; col. 5, lines 20-30); and directing flow of user 
input according to said current state (col. 5, lines 15-50). Applicant is referred to pages 
3 & 4 of this Action regarding the general obviousness of the new limitation of this claim. 

Regarding claim 45: 

Boebert further discloses limiting a transfer of said user input to said second 
execution environment when said current state is said nexus input mode state (col. 5, 
lines 44-51). 
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7. Claims 42 and 43 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Boebert, in view of "Meeting Critical Security Objectives with Security-Enhanced 
Linux" (hereinafter, "Loscocco"). 

Regarding claim 42: 

Boebert discloses a method comprising: maintaining a current state for said 
secured execution environment selected from among a group of possible states 
comprising: a standard input mode and a nexus input mode state (elements 37 and 38 
of Figures 3 and 4; col. 5, lines 20-30); and directing flow of user input according to said 
current state (col. 5, lines 15-50). It is further observed that the Boebert invention is 
preferably run on a Unix-based computer running X-Windows (col. 4, lines 35-45) and 
that seperate windows within the X-Windows system act as independent execution 
environments, allowing for one window to be construed as a [more] secure environment 
compared to others simultaneously running (col. 6, lines 45-60). Boebert does not, 
however, wherein said Unix system employs a secure kernel. Nevertheless, the use of 
secure kernels to control Unix-based computers has been well known in the art, as 
disclosed by Loscocco (page 2, 1st column, last paragraph; cf. sections 3.4 and 3.5 
regarding process controls). It would have been obvious to one of ordinary skill in the 
art to use a secure kernel to manage a secured execution environment and a second 
execution environment. The motivation for doing so would be to minimize the threat of 
tampering and bypassing application security mechanisms and confine the damage that 
could be caused by malicious or flawed applications (Loscocco, Abstract). 
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Regarding claim 43: 

Boebert further discloses limiting a transfer of said user input to said second 
execution environment when said current state is said nexus input mode state (col. 5, 
lines 44-51). 

8. Claims 14, 28, and 41 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Boebert in view of Tom as applied to claims 1,15, and 29 above, and 
further in view of Hwang (U.S. Patent 6,121,962). 

Regarding claims 14, 28, and 41: 

Neither Boebert nor Tom explicitly disclose switching said execution environment 
to a nexus input mode if a power management change is detected. However, Hwang 
discloses this limitation (col. 3, lines 25-40). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to switch into a secure input 
mode when a power management change, such as powering up from a suspended 
state, is made. The motivation for doing so would be to protect confidential data against 
unauthorized users (Hwang, col. 3, lines 10; see also Boebert, col. 3, lines 10-15). 
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Conclusion 



9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is (571) 272-3849. 
The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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